Bug 235020

Summary: www/apache24: patch to prevent lockup with TLS 1.3 (PATCH)
Product: Ports & Packages Reporter: Ollivier Robert <roberto>
Component: Individual Port(s)Assignee: freebsd-apache (Nobody) <apache>
Status: Closed FIXED    
Severity: Affects Some People CC: freebsdbugzilla, joneum
Priority: --- Flags: bugzilla: maintainer-feedback? (apache)
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
patch to ssl module. none

Description Ollivier Robert freebsd_committer freebsd_triage 2019-01-17 10:01:44 UTC 
Created attachment 201206 [details]
patch to ssl module.

There is an upstream patch for the SSL module in Apache 2.4 to prevent lockups when using TLS v1.3 and OpenSSL 1.1.1a.  It will be incorporated in the next 2.4 release but it would be nice to include the patch in the meantime.

cf. https://bz.apache.org/bugzilla/show_bug.cgi?id=63052

(I have confirmation the patch works)
Comment 1 Jochen Neumeister freebsd_committer freebsd_triage 2019-01-24 08:19:03 UTC 
Hi :-)

this was fix in r491041

Changelog:
[..]
    *) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
       PR 63052 [Joe Orton]